This issue concerns security and UI
I was looking into how to set a regex check on user passwords in order to increase security in my wiki and found that it can be overrun quite easily.
At this moment we can set the password of a user in different ways, which all have their own password quality checks:
- Registration => XWiki/Registration
- Password recovery => XWiki/ResetPasswordComplete
- Admin user creation process => XWiki/XWikiPreferences?editor=globaladmin&section=Users#
- Password modification by the user himself => XWiki/PROFIL?xpage=passwd
On a quality POV, some have regex checks, some have no check except that the password and the retyped password match.
On a UI POV, some checks need to reload the page, some don't, and some display errors in a modal while others display them directly in the form while typing.
It would be best to use only one script to check the password quality for all places, since at this moment your password can be one letter long and modifying the checks takes 4 times the time.
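
One way to centralize the check described above, as an added example (not XWiki code and not part of the original report): a hypothetical `PasswordPolicy` class, with an assumed minimum length and assumed regex rules, that all four entry points call server-side. A one-letter password is then rejected everywhere, and every form can render the same error keys.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical shared policy; not an XWiki class. */
public final class PasswordPolicy {
    // Assumed rules for illustration; a real wiki would load them from one admin setting.
    private static final int MIN_LENGTH = 8;
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        RULES.put("needs_lowercase", Pattern.compile("[a-z]"));
        RULES.put("needs_uppercase", Pattern.compile("[A-Z]"));
        RULES.put("needs_digit", Pattern.compile("[0-9]"));
    }

    /** Returns error keys; an empty list means the password is accepted. */
    public static List<String> check(String password, String retyped) {
        List<String> errors = new ArrayList<>();
        // The "password equals retyped password" test is only the first gate, not the whole check.
        if (password == null || !password.equals(retyped)) {
            errors.add("mismatch");
            return errors;
        }
        if (password.codePointCount(0, password.length()) < MIN_LENGTH) {
            errors.add("too_short");
        }
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            if (!rule.getValue().matcher(password).find()) {
                errors.add(rule.getKey());
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // The four entry points from the report, each routed through the same check.
        String[] entryPoints = {"registration", "password recovery",
                                "admin user creation", "user password change"};
        // Constructed sample inputs: {password, retyped password}.
        String[][] samples = {{"a", "a"}, {"Tr0ubadour-Long", "Tr0ubadour-Long"}, {"abc", "abd"}};
        for (String entry : entryPoints) {
            for (String[] s : samples) {
                System.out.println(entry + " <- \"" + s[0] + "\": " + check(s[0], s[1]));
            }
        }
    }
}
```

Checks done in the form while typing are only a convenience; the server-side call is what enforces the policy, because a request can be sent without going through the form.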